<?php
	class PrivilegeVerifier
	{
		const ROLE_DENY    = 0;
		const ROLE_STUDENT = 1;
		const ROLE_TEACHER = 2;
		const ROLE_ADMIN   = 3;

		public function __construct($request)
		{
			$this->request = $request;

			if (array_key_exists('session', $request))
				$user = SessionModel::getUser($request['session']);

			if ($user == NULL) return;

			$this->user = $user;

			$this->fillRole();
		}

		public function getUserName()
		{
			return $this->user;
		}

		public function getUserRole()
		{
			return $this->role;
		}

		public function ensurePrivilege($role)
		{
			if ($this->role >= $role) return;

			$reply = ReplyBuilder::get(-1, $this->request);

			LogModel::put('SYSTEM', 'VERIFY_PRIVILEGE', 
				'USER: ' . $this->user . ', DENIED');

			XAjax::send($reply);

			die();
		}

		public static function getRole($user)
		{
			if (ADModel::memberof($user, 'Cute Net Super'))
				return self::ROLE_ADMIN;
			else if (ADModel::memberof($user, 'Cute Net Teacher'))
				return self::ROLE_TEACHER;
			else if (ADModel::memberof($user, 'Cute Net Student'))
				return self::ROLE_STUDENT;
			return self::ROLE_DENY;
		}

		private function fillRole()
		{
			$this->role = self::getRole($this->user);
		}

		private $request;
		private $user = NULL;
		private $role = self::ROLE_DENY;
	}
?>